IN THE CLAIMS 

Please amend claim 1 as follows: 
1. (Currently amended) A network address translating gateway for detecting 

datagrams having process-specific nontranslatable port addresses and passing said 
datagrams through the gateway without translating their port addresses, said gateway 
connecting a LAN to an external network, said LAN using local IP addresses said 
gateway having a local IP address that can be referenced by devices on said LAN and 
having an external P address that can be referenced by devices on said external network, 
said gateway comprising: 

a plurality of internal tables associating combinations of local IP addresses of 
local devices on said LAN, external IP addresses of external devices on said external 
network, SPI - In values, SPI - Out values, source port addresses, destination port 
addresses, process-specific port addresses, and maintaining a list of selected process- 
specific nontranslatable port addresses to which datagrams can be passed without 
translating their port addresses, 

means for performing normal address translation upon datagrams passing from 
said LAN to said external network and datagrams passing from said external network to 
said LAN, 

means for delivering a datagram from a local device on said LAN to an external 
device on said external network by receiving a datagram from a local device on said LAN 
intended for delivery to an external device on said external network, and determining 
whether the destination port address for said datagram is included in said list of selected 
process-specific nontranslatable port addresses and, if said destination port address is not 
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included in said list of selected process-specific pert nontranslatable port addresses, 
performing normal address translation upon said datagram and passing said datagram to 
said external network for routing and delivery to said external device, 

and if said destination port address is included in said list of selected process- 
specific nontranslatable port addresses, determining whether said destination port address 
is bound to a local IP address, and if said destination port address is bound to a local IP 
address, performing normal address translation upon said datagram and passing said 
datagram to said external network, 

and if said destination port address is not bound to a local IP address, passing said 
datagram through said gateway without translating said port addresses of said datagram, 
modifying said source IP address of said datagram to be said external IP address of said 
gateway, binding said destination port address to the local IP address of said local device 
and creating an association between said destination port address and the external IP 
address of said external device, and passing said datagram to said external network for 
routing and delivery to said external device. 

2. (Previously presented) The network address translating gateway of claim 1, 
wherein the means for delivering a datagram from a local device on said LAN to an 
external device further comprises a means for determining whether said datagram is 
encrypted and, if said datagram is encrypted, determining whether the SPI of said 
datagram is recorded in the SPI - Out field in said internal table and, if said SPI is 
recorded in said SPI - Out field, modifying the source IP address of said datagram to be 
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said external IP address of said gateway and passing said datagram to said external 
network for routing and delivery to said external device. 

3. (Previously presented) The network address translating gateway of claim 2, 
further comprising if said SPI is not recorded in said SPI - Out field of said internal table, 
means for setting the SPI - In field corresponding to the local IP address of said local 
device equal to zero and setting said SPI - Out field equal to said SPI, modifying said 
source IP address of said datagram to be said external IP address of said gateway and 
passing said datagram to said external network for routing and delivery to said external 
device. 

4. (Previously presented) The network address translating gateway of claim 1, 
wherein the network address translating gateway further comprises means for delivering a 
datagram from said external device to said local device by receiving a datagram from said 
external device on said external network intended for delivery to said local device on said 
LAN, means for determining whether said datagram is encrypted and, if said datagram is 
encrypted, determining whether the datagram's SPI is recorded in said SPI - In field of 
said internal table and, if said SPI is recorded in said SPI - In field, modifying the 
destination IP address of said datagram to be said local IP address of said local device 
and passing said datagram to said LAN for routing and delivery to said local device, 

and if said SPI is not recorded in said SPI - In field of said internal table, 
determining whether said SPI - In field corresponding to said IP address of said external 
device is equal to zero and, if said SPI - In field is not equal to zero, discarding said 
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datagram, and if said SPI - In field is equal to zero, setting said SPI - In field equal to said 
SPI, modifying the destination IP address of said datagram to be said local IP address of 
said local device and passing said datagram to said LAN for delivery to said local device, 
and if said datagram is not encrypted, determining whether the destination port 
address for said datagram is included in said list of selected process-specific port 
nontranslatable addresses and, if said destination port address is not included in said list 
of selected process-specific nontranslatable port addresses, performing normal address 
translation upon said datagram and passing said datagram to said LAN for delivery to 
said local device, 

and if said destination port address is included in said list of selected process- 
specific nontranslatable port addresses, determining whether said destination port address 
is bound to a local IP address, and if said destination port address is not bound to a local 
IP address, discarding said datagram, and if said destination port address is bound to a 
local IP address, determining whether said destination port address is associated with the 
external IP address of said external device, and if said destination port address is 
associated with the external IP address of said external device^ modifying said destination 
IP address of said datagram to be the bound local IP address of said local device, 
unbinding said destination port address from said local IP address, and passing said 
datagram through to said LAN for delivery to said local device. 

5. (Previously presented) The network address translating gateway of claim 1, 

further comprising a timer, wherein, upon receiving a signal that a selected process- 
specific nontranslatable port address has become bound to an IP address, said timer will 
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commence timing for a predetermined length of time and, upon the expiration of said 
predetermined length of time, will send a signal causing said selected process-specific 
nontranslatable port address to become unbound from said IP address, and, upon 
receiving a signal indicating that said selected process-specific nontranslatable port 
address has become unbound from said IP address prior to the expiration of said 
predetermined length of time, said timer will stop timing and will reset. 

6. (Previously presented) The network address translating gateway of claim 1 
in which said external network is the internet. 

7. (Previously presented) The network address translating gateway of claim 6 
in which said LAN is a virtual private network. 

8. (Previously presented) A method of processing IP datagrams from a local 
device on a LAN using local IP addresses through a network address translating gateway 
to an external device on an external network by passing datagrams having process- 
specific port addresses through said network address translating gateway without 
translating said port addresses, comprising the steps of: 

maintaining a plurality of tables associating local IP addresses of local devices on 
said LAN, external IP addresses of external devices on said external network, port 
addresses of said local devices, port addresses of said external devices, SPI - In values, 
SPI - Out values, and process-specific port addresses, and a list of selected process- 
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specific port addresses to which datagrams can be passed without translating their port 
addresses, 

receiving a datagram from said LAN 

determining whether the destination port address for said datagram is included in 
said list of selected process-specific port addresses and, if said destination port address is 
not included in said list of selected process-specific port addresses, performing normal 
address translation upon said datagram and passing said datagram to said external 
network for routing and delivery to said external device, 

and if said destination port address is included in said list of selected process- 
specific port addresses, determining whether said destination port address is bound to an 
IP address, and if said destination port is bound to an IP address, performing normal 
address translation upon said datagram and passing said datagram to said external 
network, 

and if said destination port address is not bound to an IP address, passing said 
datagram through said gateway without translating the port addresses in said datagram, 
modifying said source IP address to be said external IP address for said gateway, binding 
said destination port address to the local IP address of said local device and creating an 
association between said destination port address and said external IP address of said 
external device, and passing said datagram to said external network for routing and 
delivery to said external device. 

9. (Previously presented) The method of claim 8, further comprising the steps of: 
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determining whether said datagram is encrypted and, if said datagram is 
encrypted, determining whether the SPI in said datagram is recorded in the SPI - Out 
field of one of said plurality of internal tables and, if said SPI is recorded in said SPI - 
Out field of said internal table, modifying the source IP address to be the external IP 
address of said gateway and passing said datagram to said external network for routing 
and delivery to said external device, and if said SPI is not recorded in said SPI - Out field 
of said internal table, setting said SPI - Out field corresponding to the IP address of said 
external device equal to said SPI and setting the SPI - In field of said internal table to 
zero, modifying said source IP address to be said external IP address of said gateway, and 
passing said datagram to said external network for routing and delivery to said external 
device. 

10. (Previously presented) A method of processing IP datagrams from an external 
device on an external network through a network address translating gateway to a local 
device on a LAN using local IP addresses, comprising the steps of 

maintaining a plurality of tables associating local IP addresses of local devices on 
said LAN, external IP addresses of external devices on said external network, port 
addresses of said local devices, port addresses of said external devices, SPI - In values, 
SPI - Out values, and process-specific port addresses, and a list of selected process- 
specific port addresses, 

receiving a datagram from said external network 

determining whether said datagram is encrypted and if said datagram is not 
encrypted, determining whether the destination port address for said datagram is included 
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in said list of selected process-specific port addresses, and if said destination port address 
is not included in said list of selected process-specific port addresses, performing normal 
address translation and passing said datagram to said LAN for routing and delivery to 
said local device, 

and if said destination port address is included in said list of selected process- 
specific port addresses, determining whether said destination port address is bound to a 
local IP address, and if said destination port is not bound to a local IP address, discarding 
said datagram, 

and if said destination port address is bound to a local IP address, determining 
whether said destination port address is associated with the external IP address of said 
external device, and if said destination port address is associated with said external IP 
address of said external device, modifying said destination IP address to be the bound 
local IP address of said local device, unbinding said destination port address from said 
local IP address, and passing said datagram through said gateway to said LAN for routing 
and delivery to said local device. 

11. (Previously presented) The method of claim 10, wherein the method further 
comprises the steps, if said datagram is encrypted, of: 

determining whether the SPI in said datagram is recorded in the SPI - In field of 
one of said plurality of internal tables and, if said SPI is recorded in said SPI - In field of 
said internal table, modifying the destination IP address to be the local IP address of the 
local device corresponding to said SPI - In field and passing said datagram to said LAN 
for routing and delivery to said local device, 
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and if said SPI is not recorded in said SPI - In field of said internal table, 
determining whether said SPI - In field corresponding to the IP address of said external 
device is zero, and if said SPI - In field is not zero, discarding said datagram, 

and if said SPI - In field is equal to zero, modifying said SPI - In field to be said 
SPI, modifying said destination IP address to be said local IP address of said local device 
corresponding to said SPI - In field, and passing said datagram to said LAN for routing 
and delivery to said local device. 

12. (Previously presented) The method of processing IP datagrams as claimed in claim 
8, further comprising the steps of starting a timer whenever a selected process-specific 
port address becomes bound to said local IP address of said local device, 

resettling said timer whenever said destination port address has become released, 
and sending a signal whenever said timer is active and a predetermined length of 
time has expired from the time said timer was started. 

13. (Canceled) 

14. (Previously presented) The method of processing IP datagrams as claimed 
in claim 1 1, in which said external network is the internet. 

15. (Previously Presented) The method of processing IP datagrams as claimed 
in claim 1 1 in which said LAN is a virtual private network. 



16. -Missing 
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17. (Previously presented) The method of processing DP datagrams as claimed 
in claim 12 in which said LAN is a virtual private network. 

18. (Previously presented) A machine readable storage, having stored thereon a 
computer program comprising a plurality of code sections executable by a machine for 
connecting a LAN to an external network via a network address translating gateway, said 
gateway having a local IP address that can be referenced by devices on said LAN and 
having an external IP address that can be referenced by devices on said external network, 
and further comprising a plurality of internal tables associating combinations of local IP 
addresses of local devices on said LAN, external IP addresses of external devices on said 
external network, source port addresses, destination port addresses, process-specific port 
addresses, and a list of selected process-specific port addresses including at least port 
500, for causing the machine to pass datagrams through without translating port addresses 
where the port addresses in such datagrams are nontranslatable, said machine performing 
the steps of: 

processing a datagram from a local device on said LAN by receiving a datagram 
from a local device on said LAN intended for delivery to an external device on said 
external network; 

determining whether the destination port address for said datagram is included in 
said list of selected process-specific port addresses and determining whether said 
destination port address is bound to a local IP address on said LAN; 
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and if said destination port address is not included in said list of selected process- 
specific port addresses, performing normal address translation upon said datagram and 
passing said datagram to said external network for routing and delivery to said external 
device; 

and if said destination port address is included in said list of selected process- 
specific port addresses, and said destination port address is bound to a local IP address, 
performing normal address translation upon said datagram and passing said datagram to 
said external network; 

and if said destination port address is not bound to a local IP address on said 
LAN, modifying said source IP address of said datagram to be said external IP address of 
said gateway, binding said destination port address to the local IP address of said local 
device and creating an association between said destination port address and the external 
IP address of said external device, and passing said datagram to said external network for 
routing and delivery to said external device without translating said port addresses of said 
datagram. 

19. (Previously presented) The network address translating gateway of claim 1 
wherein said list of selected process-specific nontranslatable port addresses to which 
datagrams can be passed without translating their port addresses comprises port 500. 

20. (Previously presented) The method of claim 8, in which said list of selected 
process-specific port addresses to which datagrams can be passed without translating 
their port addresses 
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comprises port 500. 

21. (Previously presented) The method of claim 10, in which said list of selected 
process-specific port addresses comprises port 500. 
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